Accounting using Syslog

Keep track of all executed commands on a Cisco devices is one of the mandatory features for network engineer to ensure deep accounting and advanced monitoring about their networks.

This task is usualy accomplished by deploying Tacacs+ Server and enabling AAA new-model. However, in this post we will demonstrate another way to get slightly the same result with all details about executed commands, in which configuration mode, at what time, by which user, and returning results (if it is a show command for example).

  • Basic Configuration :
Router#conf t
Router(config-archive)#log config
Router(config-archive-log-cfg)#logging enable
Router(config-archive-log-cfg)#logging size 1000

All executed commands will be stored locally in the device. What can be seen using “show archive log config all” command

Router#sh archive log config all

idx   sess           [email protected]      Logged command
1      1            [email protected]     |interface FastEthernet0/24
2      1            [email protected]     | description Connection_to_Internet
3      1            [email protected]     | no shutdown

The log file has a limited size and its content can be deleted. The reason why it is recommanded to send notifications to a syslog server about each information.

Router(config)#logging host
Router(config-archive)#log config
Router(config-archive-log-cfg)#notify syslog

Useful Links:

  • Link-1

no comment

    Add Your Comment

    eighteen − 11 =